Security from CI/CD Pipeline

As a DevOps engineer, you need to focus on your application rather than on Kubernetes risks and configuration. This means that your Kubernetes security needs to work for you and not the other way around. Protecting the software supply chain from hygiene drift and hardening clusters are top priorities for any organization, and with Alcide this can be done from your CI+CD pipeline.

The Alcide Dev-to-Production security solution introduces a new approach to Kubernetes platform security, with a dedicated offering for each stage of the development pipeline. You can sign up today for Alcide Advisor to get an immediate snapshot of your cluster’s security, risk & hygiene level, along with a detailed list of identified issues, each with a description and a recommendation for quick remediation.

Detect Hygiene, Risk & Conformance Drifts from CI+CD Pipeline

Integrated into the CD phase of your CI+CD pipeline, Alcide Kubernetes Advisor provides profile-driven machinery to detect “negative” drifts with respect to a previous deployment across a wide range of Kubernetes- and Istio-specific security, conformance, hardening, risk and misconfiguration checks and security best practices. With Alcide Kubernetes Advisor integrated into the development stage and actively failing the CD pipeline on security issues, a security finding becomes as effective as a compilation error failing a build, which keeps those drifts away from production clusters.

Why Is Scanning a Kubernetes Resource or Helm Chart Not Sufficient?

The Helm Charts or Kubernetes Resources Way

Automation pipelines end up provisioning first- or third-party container images, wrapped in Helm charts or Kubernetes resources, and injecting configuration and secrets into various locations that are implementation-specific.

Cluster operators often run as privileged workloads/controllers and may introduce resources into the cluster autonomously.

Mutating Admission Controllers can change deployed resources in a way that may degrade the hygiene level of a resource or increase the associated risk.

How can you detect that drift in the cluster's hygiene level, and in the hygiene of the software supply chain specifically? How can you ensure that the bad build fails before moving to Production?
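
To make the gap concrete, the following added example (not Alcide's code and not part of the original page) compares a pod spec as rendered from a chart with the same pod as stored in the cluster after admission, and fails only on changes that lower the hygiene level. The two specs, the container name injected-init and the image names are constructed; in a pipeline the live spec would come from the cluster API, for example via kubectl get pod -o json.

```python
# Added example: detect "negative" drift between what the chart rendered and
# what the cluster actually stored after admission. Sample data is constructed.

def hygiene(pod_spec):
    """Return the set of risky settings present in a pod spec."""
    risky = set()
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if pod_spec.get(flag):
            risky.add(f"pod: {flag}")
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    for c in containers:
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            risky.add(f"{c['name']}: privileged")
        # Kubernetes treats an unset allowPrivilegeEscalation as true.
        if sc.get("allowPrivilegeEscalation", True):
            risky.add(f"{c['name']}: allowPrivilegeEscalation not disabled")
        for cap in (sc.get("capabilities") or {}).get("add", []):
            risky.add(f"{c['name']}: added capability {cap}")
    return risky

def negative_drift(rendered, live):
    """Risky settings in the live object that the rendered manifest lacked."""
    return sorted(hygiene(live) - hygiene(rendered))

# Constructed: the pod as rendered by the chart (this is what a static scan sees).
RENDERED = {"containers": [{
    "name": "app", "image": "registry.example/app:1.0",
    "securityContext": {"allowPrivilegeEscalation": False}}]}

# Constructed: the same pod after a mutating webhook added an init container.
LIVE = {"containers": RENDERED["containers"],
        "initContainers": [{
            "name": "injected-init", "image": "registry.example/init:1.0",
            "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}]}

if __name__ == "__main__":
    findings = negative_drift(RENDERED, LIVE)
    for finding in findings:
        print("DRIFT:", finding)
    # A non-zero exit fails the CD step, like a compile error fails a build.
    raise SystemExit(1 if findings else 0)
```

A scan of the rendered manifest alone passes here; only the comparison against the admitted object surfaces the added capability.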

The Alcide Way

The Alcide Kubernetes Advisor is a continuous Kubernetes and Istio hygiene-checking tool that provides a single-pane view of all your K8s-related issues: audit, compliance, topology, network, policies, and threats.

This gives you a better understanding and control of distributed and complex Kubernetes projects through continuous and dynamic analysis.

A partial list of the checks we run includes:

Kubernetes vulnerability scanning

Hunting misplaced secrets, or excessive secret access

Workload hardening from Pod Security to network policies

Istio security configuration and best practices

Alcide secures Kubernetes multi-cluster deployments from code-to-production. Companies use Alcide to scale their Kubernetes deployments without compromising on security. This enables the smooth operation of business apps while protecting cloud deployments from malicious attacks.